Criminal gang used ‘sim swapping’ technique to hijack phone numbers of famous online influencers, sport stars, and musicians
Ten hackers in a criminal gang have been arrested around the world, after they carried out a series of ‘sim swapping’ attacks that targetted high-profile victims in the United States.
Europol said that the criminals using this attack vector were able to hijack the phone numbers belonging to famous internet influencers, sport stars, musicians and their families, and stole from them over $100 million in cryptocurrencies after illegally gaining access to their phones.
One hacker was arrested in Malta and another in Belgium, with the other arrests taking place in other countries.
The international investigation began in spring 2020, and was jointly conducted by law enforcement from the UK, United States, Belgium, Malta and Canada, with international activity coordinated by Europol.
All ten arrested people belonged to the same criminal gang, Europol said.
The gang worked together to access the victims’ phone numbers and take control of their apps or accounts by changing the passwords.
Doing this allowed the criminals to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.
Europol said this type of fraud is known as ‘sim swapping’ and it was identified as a key growing trend in its latest Internet Organised Crime Threat Assessment.
The way it works is that the criminals essentially take over control of a victims phone number by deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.
The criminals do this by “exploiting phone service providers to do the swap on their behalf, either via a corrupt insider or using social engineering techniques.”
And it should be noted that it is not just celebrities who are under the ‘sim swapping’ attack. Anyone with a mobile phone can fall victim to sim swapping.
But Europol advises mobile phone users to keep their devices’ software up to date; do not reply to suspicious emails or engage over the phone with callers that request personal information; limit the amount of personal data shared online; opt for two-factor authentication rather than having an authentication code sent over SMS; and when possible do not associate a personal phone number with sensitive online accounts.